giampaolo / psutil

Cross-platform lib for process and system monitoring in Python
BSD 3-Clause "New" or "Revised" License

Create a dedicated security policy file #2302

Closed pnacht closed 4 months ago

pnacht commented 10 months ago

Summary

Description

GitHub recommends that projects have a dedicated Security Policy file (SECURITY.md).

psutil already has a de facto security policy in the Contribution Guide, but having this information in a dedicated file makes the information easier to find. Not only is SECURITY.md a standard file security researchers look for, but if GitHub detects the file, it automatically adds its contents to the project's Security panel and adds a new "issue type" that directs users to the policy.

I'd therefore suggest moving the Tidelift information from the Contributor Guide to a dedicated file. I'll send a PR with a draft along with this issue.

Disclosure: My name is Pedro and I work with Google and the Open Source Security Foundation (OpenSSF) to improve the supply-chain security of the open-source ecosystem.

pnacht commented 4 months ago

Fixed by d9230a94074dd76832c3f9bfac129175a3c4c99f.